CUs Should Not Be Subject To New Cyberthreat Requirements: CUNA to NIST

News Now

Washington

CUs Should Not Be Subject To New Cyberthreat Requirements: CUNA to NIST

WASHINGTON (12/16/13)--Credit unions and other financial institutions are already subject to robust cybersecurity and data security requirements, and should not be subject to additional prescriptive requirements, the Credit Union National Association said in a Friday comment letter to the National Institute of Standards and Technology.

Cybersecurity measures that credit unions are subject to include the Gramm-Leach-Bliley Act (GLBA) and other applicable data security laws, regulations, and standards from the Federal Financial Institution Examinations Council and the National Credit Union Administration.

CUNA in the comment letter said it supports NIST's goals to develop a "critical infrastructure" cybersecurity framework. However, the framework "should recognize existing, robust data security requirements and standards that apply to financial institutions," CUNA said.

The CUNA letter also urged NIST to coordinate closely with the National Credit Union Administration and other regulators to ensure a finalized framework "is consistent with, and does not expand the scope of, existing rules and regulations."

CUNA said any voluntary critical infrastructure initiatives that are developed must remain voluntary, and should not result in additional requirements on entities such as credit unions.

The letter also urged additional coordination between the public and private sectors on cybersecurity.